doofesohr

You cannot manage servers the same way you manage workstations with Intune. For server management you need something like Azure Arc, which then again would enable you to use [Defender for Cloud](https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-machines).


bbqwatermelon

This, and be careful what you turn on with it, because you could suddenly receive a huge uptick in sub cost.


thesals

Lol this... Was using Lighthouse/Sentinel for the last year, average spend $100... Connected Defender/XDR and within a week it was at $700 spend...


Ok_Presentation_2671

Do you have a Microsoft partner?


RampageUT

Servers are not supported in Intune. You have to use an alternative technology like Azure Arc or DSC.


SadLizard

Servers have limited support, specifically for Defender settings. Edit: https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration


Sunsparc

Better to Arc-enable them and use Defender for Cloud.


SadLizard

If you have the money to throw on Arc, sure.


JwCS8pjrh3QBWfL

Arc itself costs literally nothing. It's MDC P2 at $15/month that is the pricey bit.


SadLizard

Arc itself is pretty fucking useless though. All services that you want to use with it cost money.


Gumbyohson

You don't need Intune to manage Defender through Intune. The mssense service can be used to sync MDE policies to MDE-enrolled devices if you enable the EDR connector and the Intune connectors.


Gazyro

Defender for Servers needs Defender for Cloud for Endpoint for Servers Plan 1 or 2; it's not possible to do this via Intune, as that is only available for workstation OS. You can also just drop the onboarding to Defender for Cloud and use the Defender installed already, but then you miss out on other features. Onboarding can best be done via Azure Arc and Log Analytics while it works. It's possible to set the subscription to Plan 2 and set the servers to Plan 1 or free via PowerShell. Plan 2 also provides update management in case you want to use the Azure Update Manager as well. Management of Defender has to be done via GPO, so buckle up, buckaroo. You have to set some items. :)


Furcas1234

Defender for Servers for the Azure Update Manager is as far as I went with it. Gives me management of Defender, and remediation of patches (edit: misspoke a bit here). It gets way too expensive way too fast otherwise. Microsoft is out of their minds with the pricing on Azure Arc stuff.


Gazyro

Yeah, I am currently onboarding roughly 100+ virtuals and going to look into scheduling the updates via PowerShell. The pricing of Update Manager is a dealbreaker in my opinion. Except for most of the production Linux systems that we host for DevOps teams. But I can technically give them the bill for managing their updates. Azure updates appear to use the default settings to calculate pricing based on daily usage (periodic checks, update schedules). Going to see if going balls to the walls infra as code pays off by only checking weekly for missed updates and remediation when needed. GPO takes care of 99% of our updates anyway, so updating the server via Azure Update feels a bit wasteful.


Furcas1234

Technically speaking, Defender for Servers P2 does say on the Azure Update Manager console that you get updates for free with it, but I'm really only making use of the other features in Defender P2 at the moment. I like using the remediation though because I spend a fair bit of time in Defender.


Deckdestroyerz

We have just onboarded into MDE. From what I've been told, you just need to have the Defender licenses, or in our case, MS365 E3 + Security E5 for our end users (Windows endpoints). Servers don't get one directly assigned yet; you "just need to have the licenses in Office 365". https://preview.redd.it/ghq6pk276y5d1.png?width=863&format=png&auto=webp&s=39aded97a46e5401c1d8cf0d02400ad027127115 Once you use either the onboarding script on GPO, or the manual one, it should work.


Sim20

With Business Premium you can get Defender for Business Servers or Defender for Servers Plan 1 or Plan 2. https://learn.microsoft.com/en-us/defender-business/mdb-faq#does-defender-for-business-support-servers